projects / platform / core / security / security-manager.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8ec30a0)
Release 1.6.0 65/231365/5 submit/tizen/20200421.142342
authorTomasz Swierczek <t.swierczek@samsung.com>
Tue, 21 Apr 2020 12:21:11 +0000 (14:21 +0200)
committerTomasz Swierczek <t.swierczek@samsung.com>
Tue, 21 Apr 2020 13:34:54 +0000 (15:34 +0200)
Add RPM package for iptables rules needed for GID-based internet access control
Add new privilege-enforcing mechanism that uses privilege-Smack mapping
Mount namespace enhancements & fixes

With this release, versioning differs from branch tizen_5.5.

With this release, Tizen has 3 mechanisms for controlling internet access:

* nether
  - supports mutltiuser
  - allows dynamic policy change for app, during application runtime
  - complicated support for many protocols, many dependencies (mostly in kernel)
* iptables + privilege-to-GID mapping
  - supports multiuser
  - dissallows dynamic policy change
  - requires patches from upstream kernel & iptables
* privilege-to-Smack mapping
  - allows dynamic policy change
  - doesn't require any custom kernel changes
  - doesn't support simultaneous multiuser

Change-Id: I9984ce4f9a761be9182535ec60ee11dbb13acc77

packaging/security-manager.changes patch | blob | history
packaging/security-manager.spec patch | blob | history
pc/security-manager.pc.in patch | blob | history

diff --git a/packaging/security-manager.changes b/packaging/security-manager.changes
index 2ef67eb5b20326ae571d8b160d40b3e1f01e5e27..db62728933a890f582711460ea0726a86f566adc 100644 (file)
--- a/packaging/security-manager.changes
+++ b/packaging/security-manager.changes
@@ -1,3 +1,28 @@
+Release: 1.6.0
+Date:    2020.04.21
+Name:    Release 1.6.0
+Description:
+Fix security_manager_cleanup_app()
+Add group mapping for internal/appdebugging privilege
+Create new RPM for loading iptables rules at system start
+Properly handle nonexisting apps uninstallation
+Disable Smack privilege mapping configuration
+Fix multi-user detection
+Use mount namespace mount points to find running apps
+Remove privilege related Smack rules when multi-user is detected
+Change privilege related Smack rules on cynara policy change
+Remove privilege Smack mapping rules on application uninstallation
+Check if smack privilege mapping is enabled
+Add Smack template files manager
+Split smack API wrapper and rules management
+Add restriction for privilege smack mapping rules
+Change privilege and privilege status vector names for clarity
+Change cynara client check to admin check for allowed privs
+Add privilege-Smack mapping
+Fix security-manager worker
+
+###############################
+
 Release: 1.5.22
 Date:    2020.04.10
 Name:    Release 1.5.22
diff --git a/packaging/security-manager.spec b/packaging/security-manager.spec
index 17380e14d6f0558574bb02a089533cbbefc9b8a9..b5a8d7166faaf6926006a027b8bc8a3809f547e8 100644 (file)
--- a/packaging/security-manager.spec
+++ b/packaging/security-manager.spec
@@ -1,6 +1,6 @@
 Name:       security-manager
 Summary:    Security manager and utilities
-Version:    1.5.22
+Version:    1.6.0
 Release:    0
 Group:      Security/Service
 License:    Apache-2.0
diff --git a/pc/security-manager.pc.in b/pc/security-manager.pc.in
index 9ac13bbc9a4186083d000381a84e6917338ff8c0..db2317895fdb9f214ee590a24145662769edee6a 100644 (file)
--- a/pc/security-manager.pc.in
+++ b/pc/security-manager.pc.in
@@ -5,7 +5,7 @@ includedir=${prefix}/include
 
 Name: security-manager
 Description: Security Manager Package
-Version: 1.5.22
+Version: 1.6.0
 Requires:
 Libs: -L${libdir} -lsecurity-manager-client
 Cflags: -I${includedir}/security-manager
Domain: Security / Access Control;